Vulnerability CVE-2003-0098 - CERT Civis.Net

Vulnerability Name:

CVE-2003-0098 (CCN-11334)

Assigned:

2003-02-15

Published:

2003-02-15

Updated:

2018-09-26

Summary:

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CALDERA
Type: Broken Link
CSSA-2003-015.0

Source: CCN
Type: Gentoo Linux Security Announcement 200302-13
apcupsd -- remote root vulnerability and buffer overflows

Source: MITRE
Type: CNA
CVE-2003-0098

Source: CONFIRM
Type: Broken Link, Vendor Advisory
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6

Source: MISC
Type: Broken Link
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt

Source: CCN
Type: SECTRACK ID: 1006108
Apcupsd Format String Flaw May Let Remote Users Gain Root Access

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1006108

Source: CONFIRM
Type: Broken Link
http://sourceforge.net/project/shownotes.php?release_id=137900

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-277

Source: DEBIAN
Type: DSA-277
apcupsd -- buffer overflows

Source: XF
Type: Broken Link
apcupsd-logevent-format-string(11334)

Source: MANDRAKE
Type: Third Party Advisory
MDKSA-2003:018

Source: SUSE
Type: Broken Link
SuSE-SA:2003:022

Source: CCN
Type: OSVDB ID: 10748
APC apcupsd Slave Server Request Format String

Source: BID
Type: Third Party Advisory, VDB Entry
6828

Source: CCN
Type: BID-6828
APC apcupsd Client Syslog Format String Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
7200

Source: CCN
Type: BID-7200
APC apcupsd Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: Apcupsd Web site
Apcupsd, a daemon for controlling APC UPSes

Source: XF
Type: UNKNOWN
apcupsd-logevent-format-string(11334)

Source: SUSE
Type: SUSE-SA:2003:022
apcupsd: remote system compromise

Vulnerable Configuration:

Configuration 1:

cpe:/a:apcupsd:apcupsd:*:*:*:*:*:*:*:* (Version < 3.8.6)

OR cpe:/a:apcupsd:apcupsd:*:*:*:*:*:*:*:* (Version >= 3.10.0 and < 3.10.5)

Configuration 2:

cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apc:apcupsd:3.8.5:*:*:*:*:*:*:*

OR cpe:/a:apc:apcupsd:3.10.4:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1::ia64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:277	V	buffer overflows, format string	2003-04-03